发明名称 |
SYSTEM, METHOD AND PROGRAM PRODUCT FOR DETECTING PRESENCE OF MALICIOUS SOFTWARE RUNNING ON A COMPUTER SYSTEM |
摘要 |
A method, apparatus, and computer program product for identifying malware is disclosed. The method identifies processes in a running process list on a host computer system. The method identifies ports assigned to the processes in the running process list on the host computer system. The method determines whether any one of ports that is currently in use in the host computer system is not assigned to any of the processes in the running process list. The method then makes a record that a hidden, running process is present as a characteristic of an attack in response to a determination that one of the ports is currently in use but is not assigned to any of the processes in the running process list in the host computer system. |
申请公布号 |
EP2294786(A2) |
申请公布日期 |
2011.03.16 |
申请号 |
EP20090752766 |
申请日期 |
2009.10.14 |
申请人 |
INTERNATIONAL BUSINESS MACHINES CORPORATION |
发明人 |
OLLMANN, GUNTER, DANIEL |
分类号 |
G06F21/56;G06F9/445;G06F11/34;H04L29/06 |
主分类号 |
G06F21/56 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|